Phish Alerts come from the use of the Outlook Phish Alert Button (or alternative). This is a configuration made by admins on the email provider used by their companies. If you want to learn how to configure the Phish Alert button for Outlook click here.
Once the PAB (Phish Alert Button) has been configured, all users from that company will be able to report a suspicious phishing email by clicking on that button. We call this reporting action as "Phish Alerts".
If you're an admin of a Company on Symbol, you'll be able to see all the reports made by your users by navigating to the left sidebar of your Company and clicking on Reports > Phishing Alerts. It will display a list of all the alerts sorted by date/time.
There are multiple types of alerts:
- Simulation (it appears when the email reported is part of a Symbol phishing campaign).
- Suspected Phish (it means that the reported email is not part of a phishing campaign and could be a potential phish email).
- Internal (It means that the user reported one of the internal emails delivered by Symbol Security, it could be for example a training assignment email, which is not phish attempt).
However, the admin could change the category of suspected phish to be:
Malicious: Most severe designation for a suspect phish email.
Spam: Spam emails that could be suspect.
Normal: An email that is not a Symbol phishing email or a suspected phish.
When looking at the details of any alert, admins could see information like:
- Report Date/Time
- Subject Message
- Sender Name
- Email Provider
- User Who reported the phish
If the reported email is part of a phishing campaign admins will be able to jump into the phishing template and if the reported email is a suspected phish they will be able to download a .txt with the content of the email.S Symbol is the author of this solution article.